Skip to content

Data Source: awsIdentitystoreGroup

Use this data source to get an Identity Store Group.

Example Usage

import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsSsoadminInstancesExample =
  new aws.dataAwsSsoadminInstances.DataAwsSsoadminInstances(
    this,
    "example",
    {}
  );
const dataAwsIdentitystoreGroupExample =
  new aws.dataAwsIdentitystoreGroup.DataAwsIdentitystoreGroup(
    this,
    "example_1",
    {
      alternateIdentifier: {
        uniqueAttribute: {
          attributePath: "DisplayName",
          attributeValue: "ExampleGroup",
        },
      },
      identityStoreId: `\${tolist(${dataAwsSsoadminInstancesExample.identityStoreIds})[0]}`,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsIdentitystoreGroupExample.overrideLogicalId("example");
new cdktf.TerraformOutput(this, "group_id", {
  value: dataAwsIdentitystoreGroupExample.groupId,
});

Argument Reference

The following arguments are required:

  • identityStoreId - (Required) Identity Store ID associated with the Single Sign-On Instance.

The following arguments are optional:

  • alternateIdentifier (Optional) A unique identifier for the group that is not the primary identifier. Conflicts with groupId and filter. Detailed below.
  • filter - (Optional, Deprecated use the alternateIdentifier attribute instead) Configuration block for filtering by a unique attribute of the group. Detailed below.
  • groupId - (Optional) The identifier for a group in the Identity Store.

-> Exactly one of the above arguments must be provided. Passing both filter and groupId is allowed for backwards compatibility.

alternateIdentifier Configuration Block

The following arguments are supported by the alternateIdentifier configuration block:

  • externalId - (Optional) Configuration block for filtering by the identifier issued by an external identity provider. Detailed below.
  • uniqueAttribute - (Optional) An entity attribute that's unique to a specific entity. Detailed below.

-> Exactly one of the above arguments must be provided.

externalId Configuration Block

The following arguments are supported by the externalId configuration block:

  • id - (Required) The identifier issued to this resource by an external identity provider.
  • issuer - (Required) The issuer for an external identifier.

filter Configuration Block

\~> The filter configuration block has been deprecated. Use alternateIdentifier instead.

The following arguments are supported by the filter configuration block:

  • attributePath - (Required) Attribute path that is used to specify which attribute name to search. Currently, displayName is the only valid attribute path.
  • attributeValue - (Required) Value for an attribute.

uniqueAttribute Configuration Block

The following arguments are supported by the uniqueAttribute configuration block:

  • attributePath - (Required) Attribute path that is used to specify which attribute name to search. For example: displayName. Refer to the Group data type.
  • attributeValue - (Required) Value for an attribute.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - Identifier of the group in the Identity Store.
  • description - Description of the specified group.
  • displayName - Group's display name value.
  • externalIds - List of identifiers issued to this resource by an external identity provider.
  • id - The identifier issued to this resource by an external identity provider.
  • issuer - The issuer for an external identifier.